Check records of operations for AWS resources with CloudTrail


AWS CloudTrail records AWS API call history, which is used for security auditing and other services such as GuardDuty.

Check security issues detected by GuardDuty, Inspector, and Macie, etc. in AWS Security Hub collectively - sambaiz-net

Event history

Event history is recorded per region by default, which is free. The retention period is 90 days, and data events, such as Lambda’s invoke and object-level operations in S3, are not included.


Creating a trail with selecting the Events to be recorded, logs of all regions are outputted to S3.

Enabling Data events will incur a charge based on the number of events, but you can filter them by ARN or eventName.


Once data is ingested into Lake, queries can be executed without creating Athena tables.

Data from AWS Config can now be imported, so you can check it together with Trail logs.